source: postlfs/security/iptables.xml@ 9f12e36

Last change on this file since 9f12e36 was 9f12e36, checked in by Randy McMurchy <randy@…>, 18 years ago

Removed 'keywordset' blocks and extra spaces from the XML files (note this was by accident as I meant to do just in the gnome directory but I was in the root of BOOK when I ran the script, but this was going to happen anyway so I don't think it is a big deal)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6192 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 9.0 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!-- Inserted as a reminder to do this. The mention of a test suite
       is usually right before the root user installation commands. Please
       delete these 12 (including one blank) lines after you are done.-->

  <!-- Use one of the two mentions below about a test suite,
       delete the line that is not applicable. Of course, if the
       test suite uses syntax other than "make check", revise the
       line to reflect the actual syntax to run the test suite -->

  <!-- <para>This package does not come with a test suite.</para> -->
  <!-- <para>To test the results, issue: <command>make check</command>.</para> -->

  <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2">
  <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
  <!ENTITY iptables-md5sum "00fb916fa8040ca992a5ace56d905ea5">
  <!ENTITY iptables-size "187 KB">
  <!ENTITY iptables-buildsize "5.0 MB">
  <!ENTITY iptables-time "0.2 SBU">
]>

<sect1 id="iptables" xreflabel="iptables-&iptables-version;">
  <?dbhtml filename="iptables.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Iptables-&iptables-version;</title>

  <indexterm zone="iptables">
    <primary sortas="a-Iptables">Iptables</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Iptables</title>

    <para>The next part of this chapter deals with firewalls. The principal
    firewall tool for Linux, as of the 2.4 kernel series, is
    <application>iptables</application>. It replaces
    <application>ipchains</application> from the 2.2 series and
    <application>ipfwadm</application> from the 2.0 series. You will need to
    install <application>iptables</application> if you intend on using any
    form of a firewall.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&iptables-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&iptables-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &iptables-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &iptables-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &iptables-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &iptables-time;</para>
      </listitem>
    </itemizedlist>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/iptables"/></para>

  </sect2>

  <sect2 role="kernel" id='iptables-kernel'>
    <title>Kernel Configuration</title>

    <para>A firewall in Linux is accomplished through a portion of the
    kernel called netfilter. The interface to netfilter is
    <application>iptables</application>. To use it, the appropriate
    kernel configuration parameters are found in Networking &rArr;
    Networking Options &rArr; Network Packet Filtering &rArr;
    Core Netfilter Configuration (and) IP: Netfilter Configuration.</para>

    <indexterm zone="iptables iptables-kernel">
      <primary sortas="d-iptables">Iptables</primary>
    </indexterm>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Iptables</title>

    <note>
      <para>Installation of <application>iptables</application> will fail
      if raw kernel headers are found in <filename
      class='directory'>/usr/src/linux</filename> either as actual files
      or a symlink. As of the Linux 2.6 kernel series, this directory
      should no longer exist because appropriate headers were installed
      from the <application>Linux-Libc-Headers</application> package during
      the base LFS installation.</para>

      <para>For some non-x86 architectures, the raw kernel headers may be
      required. In that case, add the environment variable
      <envar>KERNEL_DIR=/usr/src/linux</envar> to the make commands below.</para>
    </note>

    <para>Install <application>iptables</application> by running the following
    commands:</para>

<screen><userinput>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</userinput></screen>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>:
    Compiles and installs <application>iptables</application> libraries
    into <filename class="directory">/lib</filename>, binaries into
    <filename class="directory">/sbin</filename> and the remainder into
    the <filename class="directory">/usr</filename> hierarchy instead of
    <filename class="directory">/usr/local</filename>. Firewalls are
    generally activated during the boot process and
    <filename class="directory">/usr</filename> may not be mounted at
    that time.</para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Iptables</title>

    <para>Introductory instructions for configuring your firewall are
    presented in the next section: <xref linkend='fw-firewall'/></para>

    <sect3 id="iptables-init">
      <title>Boot Script</title>

      <para>To set up the iptables firewall at boot, install the
      <filename>/etc/rc.d/init.d/iptables</filename> init script included
      in the <xref linkend="bootscripts"/> package.</para>

      <indexterm zone="iptables iptables-init">
        <primary sortas="f-iptables">iptables</primary>
      </indexterm>

<screen role="root"><userinput>make install-iptables</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directory</segtitle>

      <seglistitem>
        <seg>iptables, iptables-restore, iptables-save and ip6tables</seg>
        <seg>libip6t_*.so and libipt_*.so</seg>
        <seg>/lib/iptables</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="iptables-prog">
        <term><command>iptables</command></term>
        <listitem>
          <para>is used to set up, maintain, and inspect the tables of
          IP packet filter rules in the Linux kernel.</para>
          <indexterm zone="iptables iptables-prog">
            <primary sortas="b-iptables">iptables</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="iptables-restore">
        <term><command>iptables-restore</command></term>
        <listitem>
          <para>is used to restore IP Tables from data
          specified on STDIN. Use I/O redirection provided by your
          shell to read from a file.</para>
          <indexterm zone="iptables iptables-restore">
            <primary sortas="b-iptables-restore">iptables-restore</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="iptables-save">
        <term><command>iptables-save</command></term>
        <listitem>
          <para>is used to dump the contents of an IP Table
          in easily parseable format to STDOUT. Use I/O-redirection
          provided by your shell to write to a file.</para>
          <indexterm zone="iptables iptables-save">
            <primary sortas="b-iptables-save">iptables-save</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ip6tables">
        <term><command>ip6tables</command></term>
        <listitem>
          <para>is used to set up, maintain, and inspect the tables of
          IPv6 packet filter rules in the Linux kernel. Several different
          tables may be defined. Each table contains a number of built-in
          chains and may also contain user-defined chains.</para>
          <indexterm zone="iptables ip6tables">
            <primary sortas="b-ip6tables">ip6tables</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libip-iptables">
        <term><filename class='libraryfile'>libip*.so</filename></term>
        <listitem>
          <para>library modules are various modules (implemented as dynamic
          libraries) which extend the core functionality of
          <command>iptables</command>.</para>
          <indexterm zone="iptables libip-iptables">
            <primary sortas="c-libip-iptables">libip*.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
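
The Short Descriptions above say that iptables-save writes an easily parseable dump and that iptables-restore reads one from STDIN. As an added example (not part of the BLFS book source), this script checks the structure of such a dump before it is restored, so that a truncated or hand-edited file is caught before the boot script relies on it. The function names and the sample dump are constructed for illustration, and only rule lines in the form iptables-save writes them (-A) are accepted.

```shell
#!/bin/sh
# Added example (not from the BLFS book); function names are hypothetical.
# check_ruleset [FILE]: prints one line per problem; returns 0 only if every
# table ends in COMMIT and every rule targets a chain declared in its table.
check_ruleset() {
    awk '
        function problem(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        /^\*/ {                                   # "*filter" opens a table
            if (table != "") problem("table " table " has no COMMIT")
            table = substr($0, 2); next
        }
        $0 == "COMMIT" {
            if (table == "") problem("COMMIT outside a table")
            else done++
            table = ""; next
        }
        table == "" { problem("line outside a table"); next }
        /^:/ { declared[table, substr($1, 2)] = 1; next }   # ":INPUT DROP [0:0]"
        {
            sub(/^\[[0-9]+:[0-9]+\] /, "")        # counters from "iptables-save -c"
            if ($1 != "-A") { problem("unrecognised line"); next }
            if (!((table, $2) in declared)) problem("chain " $2 " not declared in " table)
        }
        END {
            if (table != "") { print "end of file: table " table " has no COMMIT"; bad = 1 }
            else if (done == 0) { print "no complete table found"; bad = 1 }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample: a complete dump, and the same dump cut off before COMMIT.
sample_good() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}
sample_truncated() { sample_good | sed '$d'; }

for s in sample_good sample_truncated; do
    if "$s" | check_ruleset; then echo "$s: ok to restore"; else echo "$s: rejected"; fi
done
```

Run the check on the saved file first and feed the file to iptables-restore only when the check returns 0.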